Black Arrow Cyber Advisory 30/01/2023 – GoTo Encrypted Backup and Encryption Keys Theft

Executive Summary

Following on from a security incident in November 2022, GoTo, a remote access and communications software provider that also owns LastPass, has announced that a threat actor exfiltrated encrypted backups from a third-party cloud storage service, along with an encryption key which allowed access to a “portion” of these encrypted backup files.

What’s the risk to me or my business?

According to GoTo, the products impacted are “Central, Pro, join.me, Hamachi, and RemotelyAnywhere”. GoTo later explain that the affected information varies depending on the product and may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings and some licensing information and product settings. In addition to this, whilst GoToMyPC and Rescue were not exfiltrated, MFA settings of a small subset of their customers were impacted.

What can I do?

As a precaution, we would recommend that users change the passwords of affected accounts and ensure that multi-factor authentication is enabled on all accounts where available.

GoTo have been resetting passwords and re-authorising MFA settings of affected users. The users have then been migrated onto an “enhanced Identity Management Platform” to provide additional security with authentication and login-based security options.

Further information on this security incident can be found here: https://www.goto.com/blog/our-response-to-a-recent-security-incident

Need help understanding your gaps, or just want some advice? Get in touch with us.
